Because of a defect in handling queries for NSEC3-signed zones,
BIND can crash with an "INSIST" failure in name.c when processing
queries possessing certain properties. By exploiting this defect
an attacker deliberately constructing a query with the right
properties could achieve denial of service against an authoritative
nameserver serving NSEC3-signed zones.

BIND 9 nameservers using the DNS64 IPv6 transition mechanism are
vulnerable to a software defect that allows a crafted query to
crash the server with a REQUIRE assertion failure. Remote
exploitation of this defect can be achieved without extensive
effort, resulting in a denial-of-service (DoS) vector against
affected servers.